CVE-2021-20844

Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:yamaha:rtx830_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yamaha:rtx830:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:yamaha:nvr510_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yamaha:nvr510:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:yamaha:nvr700w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yamaha:nvr700w:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:yamaha:rtx1210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yamaha:rtx1210:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:ntt-west:biz_box_rtx830_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ntt-west:biz_box_rtx830:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:ntt-west:biz_box_nvr510_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ntt-west:biz_box_nvr510:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:ntt-west:biz_box_nvr700w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ntt-west:biz_box_nvr700w:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:ntt-west:biz_box_rtx1210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ntt-west:biz_box_rtx1210:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:47

Type Values Removed Values Added
References () http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html - Mitigation, Vendor Advisory () http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html - Mitigation, Vendor Advisory
References () https://business.ntt-east.co.jp/topics/2021/11_09.html - Mitigation, Vendor Advisory () https://business.ntt-east.co.jp/topics/2021/11_09.html - Mitigation, Vendor Advisory
References () https://jvn.jp/en/vu/JVNVU91161784/index.html - Mitigation, Third Party Advisory () https://jvn.jp/en/vu/JVNVU91161784/index.html - Mitigation, Third Party Advisory
References () https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html - Mitigation, Vendor Advisory () https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html - Mitigation, Vendor Advisory

30 Nov 2021, 07:12

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 3.5
v3 : 5.7
CWE CWE-116
CPE cpe:2.3:o:ntt-west:biz_box_nvr510_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yamaha:nvr510:-:*:*:*:*:*:*:*
cpe:2.3:o:yamaha:nvr700w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ntt-west:biz_box_rtx1210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ntt-west:biz_box_nvr510:-:*:*:*:*:*:*:*
cpe:2.3:o:yamaha:nvr510_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ntt-west:biz_box_rtx830:-:*:*:*:*:*:*:*
cpe:2.3:h:ntt-west:biz_box_nvr700w:-:*:*:*:*:*:*:*
cpe:2.3:o:ntt-west:biz_box_rtx830_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yamaha:rtx1210:-:*:*:*:*:*:*:*
cpe:2.3:h:yamaha:nvr700w:-:*:*:*:*:*:*:*
cpe:2.3:h:ntt-west:biz_box_rtx1210:-:*:*:*:*:*:*:*
cpe:2.3:o:ntt-west:biz_box_nvr700w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:yamaha:rtx830_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:yamaha:rtx1210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yamaha:rtx830:-:*:*:*:*:*:*:*
References (MISC) https://jvn.jp/en/vu/JVNVU91161784/index.html - (MISC) https://jvn.jp/en/vu/JVNVU91161784/index.html - Mitigation, Third Party Advisory
References (MISC) http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html - (MISC) http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html - Mitigation, Vendor Advisory
References (MISC) https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html - (MISC) https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html - Mitigation, Vendor Advisory
References (MISC) https://business.ntt-east.co.jp/topics/2021/11_09.html - (MISC) https://business.ntt-east.co.jp/topics/2021/11_09.html - Mitigation, Vendor Advisory

24 Nov 2021, 16:18

Type Values Removed Values Added
New CVE

Information

Published : 2021-11-24 16:15

Updated : 2024-11-21 05:47


NVD link : CVE-2021-20844

Mitre link : CVE-2021-20844

CVE.ORG link : CVE-2021-20844


JSON object : View

Products Affected

yamaha

  • nvr700w
  • rtx830_firmware
  • rtx1210
  • nvr700w_firmware
  • nvr510
  • rtx1210_firmware
  • rtx830
  • nvr510_firmware

ntt-west

  • biz_box_nvr700w
  • biz_box_nvr510
  • biz_box_rtx1210
  • biz_box_rtx830_firmware
  • biz_box_nvr700w_firmware
  • biz_box_rtx830
  • biz_box_rtx1210_firmware
  • biz_box_nvr510_firmware
CWE
CWE-116

Improper Encoding or Escaping of Output